Hello,
Earlier today Kaspersky detected a trojan.banker and then deleted all the objects, but could someone check the FRST logs to see if everything was removed? I also did a Malwarebytes scan, but nothing was detected. Thanks in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2021
Ran by Dyfan (administrator) on SINBAD (13-05-2021 14:33:53)
Running from C:\Users\Dyfan\Desktop
Loaded Profiles: Dyfan
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Code Sector -> ) C:\Program Files\TeraCopy\TeraCopyService.exe
(Code Sector -> Code Sector Inc.) C:\Program Files (x86)\Direct Folders\df64.exe
(Code Sector -> Code Sector) C:\Program Files (x86)\Direct Folders\df.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <19>
(GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(JackettConsole) [File not signed] C:\ProgramData\Jackett\JackettConsole.exe
(JackettService) [File not signed] C:\ProgramData\Jackett\JackettService.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [216576 2020-09-26] (Open-Shell) [File not signed]
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL*
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2021-01-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE* [19456 2007-04-09] () [File not signed]
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE* [19968 2007-04-09] () [File not signed]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [PrivateFolder] => C:\Program Files (x86)\PrivateFolder\PF_Pass.exe [253504 2012-12-31] (eMing Software Inc. -> eMing Software Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-03-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\MountPoints2: {2b13ba87-5fe2-11eb-825c-50465db36e87} - "G:\Setup.exe"
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DevconDefaultDB] => C:\WINDOWS\system32\READREG /SILENT /FAIL=1
HKLM\...\Windows x64\Print Processors\Canon MP560 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA0.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP560 series: C:\WINDOWS\system32\CNMLMA0.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-10] (Google LLC -> Google LLC)
BootExecute: PDBoot.exeautocheck autochk *
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {395C37E6-F737-42E3-87CC-6995B0CE846C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {5807951C-9665-4994-B992-DFE8BB56DB33} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {589EE948-D775-4ECF-9841-5C5C4484EE31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {96105BC3-AFEE-47A7-8891-D5695DCAFAA5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-04-29] (Garmin International, Inc. -> )
Task: {B3DDBA0C-2045-433C-82BA-A3D7B3E29004} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C38DB12F-6996-49D9-A354-E58EA55CD46E} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {CD8993E1-0076-4DC4-9D2D-731B3BD5EAE8} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2935424 2012-03-13] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {CF79DC15-CE26-488D-99B8-BDBF722552B4} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {FE988C55-483B-4B7F-B571-8251A053352D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-05-11] () [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{FB23B534-7674-410D-9BF6-24D3C4A67BF6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.1.2,1]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-03-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-03-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.13 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default [2021-05-13]
CHR DownloadDir: H:\FRD
CHR Notifications: Default -> hxxps://loadsite.online; hxxps://mail.protonmail.com; hxxps://mail.yandex.com; hxxps://www.enjoythemusic.net
CHR Extension: (uBlock Origin) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-09]
CHR Extension: (Strong Password Generator) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco [2021-01-25]
CHR Extension: (I don't care about cookies) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2021-04-17]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2021-01-25]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2021-01-26]
CHR Extension: (Protect My Choices) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2021-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-15]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2021-01-25] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2021-01-25] (ASUSTeK Computer Inc.) [File not signed] [File is in use]
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2021-01-26] (GuinpinSoft inc) [File not signed]
R2 Jackett; C:\ProgramData\Jackett\JackettService.exe [405504 2021-05-12] (JackettService) [File not signed]
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-09] (Malwarebytes Inc -> Malwarebytes)
R2 TeraCopyService.exe; C:\Program Files\TeraCopy\TeraCopyService.exe [114384 2021-04-21] (Code Sector -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] (ASUSTeK Computer Inc. -> )
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [151296 2007-04-12] (Creative -> Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
R3 ctgame; C:\WINDOWS\system32\DRIVERS\ctgame.sys [28544 2015-07-01] (Creative Technology Ltd -> Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657696 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1400600 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245752 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [283144 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [108576 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [216576 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-26] (Malwarebytes Inc -> Malwarebytes)
R1 PFolder; C:\WINDOWS\System32\Drivers\PFolder64.sys [57832 2012-12-31] (eMing Software Inc. -> eMing Software Inc.)
S3 rtdrm; C:\WINDOWS\System32\drivers\rtdrm64.sys [19656 2021-01-23] (TenAsys Corporation -> TenAsys Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-13 14:33 - 2021-05-13 14:34 - 000019621 _____ C:\Users\Dyfan\Desktop\FRST.txt
2021-05-13 14:32 - 2021-05-13 14:34 - 000000000 ____D C:\FRST
2021-05-13 14:30 - 2021-05-13 14:30 - 002299392 _____ (Farbar) C:\Users\Dyfan\Desktop\FRST64.exe
2021-05-13 13:35 - 2021-05-13 13:35 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-13 11:31 - 2021-05-13 11:31 - 000235730 _____ C:\TDSSKiller.3.1.0.28_13.05.2021_11.31.01_log.txt
2021-05-13 11:26 - 2021-05-13 11:26 - 000283144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-05-13 11:20 - 2021-05-13 11:20 - 000245752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-05-13 11:20 - 2021-05-13 11:20 - 000216576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-05-13 11:20 - 2021-05-13 11:20 - 000108576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-05-13 11:20 - 2021-05-13 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-05-13 11:20 - 2021-05-13 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2021-05-13 11:19 - 2021-05-13 11:20 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-05-13 11:19 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-05-13 11:19 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-05-13 11:19 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-05-13 11:04 - 2021-05-13 11:09 - 000000013 _____ C:\ProgramData\krosqm.txt
2021-05-12 16:12 - 2021-05-12 16:12 - 024514956 _____ C:\Users\Dyfan\Documents\E8021_F2A85-V_PRO.pdf
2021-05-12 15:17 - 2021-05-12 15:38 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Direct Folders
2021-05-12 15:17 - 2021-05-12 15:17 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Direct Folders.lnk
2021-05-12 15:17 - 2021-05-12 15:17 - 000000000 ____D C:\Program Files (x86)\Direct Folders
2021-05-12 14:37 - 2021-05-12 14:37 - 000000000 ____D C:\Users\Dyfan\AppData\Local\calibre-ebook.com
2021-05-12 14:37 - 2021-05-12 14:37 - 000000000 ____D C:\Users\Dyfan\AppData\Local\cache
2021-05-12 13:59 - 2021-05-12 13:59 - 000637646 _____ C:\Users\Dyfan\Documents\Jennifer's Body (2009).XtoDVD
2021-05-12 12:36 - 2021-05-12 12:36 - 000234816 _____ C:\TDSSKiller.3.1.0.28_12.05.2021_12.36.07_log.txt
2021-05-12 10:09 - 2021-04-06 07:51 - 001678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-11 15:01 - 2021-05-11 15:01 - 000000958 _____ C:\Users\Dyfan\Documents\jennifer's body unrated.txt
2021-05-10 11:20 - 2021-05-10 11:20 - 000000000 ____D C:\Users\Dyfan\AppData\Local\Fredrik_Blomqvist
2021-05-09 20:20 - 2021-05-09 20:20 - 000000000 ____D C:\Users\Dyfan\Desktop\mkvtoolnix-64-bit-56.1.0
2021-05-08 10:26 - 2021-05-13 13:42 - 000000000 ____D C:\Users\Dyfan\AppData\LocalLow\IGDump
2021-05-08 10:23 - 2021-05-08 10:23 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-05-08 10:23 - 2021-05-08 10:23 - 000000000 ____D C:\Users\Dyfan\AppData\Local\Package Cache
2021-05-07 23:38 - 2021-05-07 23:38 - 000000000 ____D C:\Users\Dyfan\Documents\Audacity
2021-05-07 18:11 - 2021-05-12 11:39 - 000000000 ____D C:\ProgramData\Jackett
2021-05-07 18:11 - 2021-05-07 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jackett
2021-05-05 11:22 - 2021-05-05 11:22 - 000000000 ____D C:\Users\Dyfan\AppData\Local\Kaspersky Lab
2021-05-04 12:47 - 2021-05-04 12:47 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2021-05-03 17:35 - 2021-05-03 17:35 - 000924336 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe
2021-05-03 17:35 - 2021-05-03 17:35 - 000924336 _____ (Python Software Foundation) C:\WINDOWS\py.exe
2021-05-03 17:35 - 2021-05-03 17:35 - 000058032 _____ (Python Software Foundation) C:\WINDOWS\pyshellext.amd64.dll
2021-05-03 13:13 - 2021-05-03 13:13 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Digiarty
2021-05-03 13:13 - 2021-05-03 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2021-05-03 13:13 - 2021-05-03 13:13 - 000000000 ____D C:\Program Files (x86)\Digiarty
2021-05-03 10:16 - 2021-05-03 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-05-03 10:16 - 2021-05-03 10:16 - 000000000 ____D C:\Program Files\qBittorrent
2021-05-02 11:48 - 2021-05-02 11:48 - 000000086 _____ C:\Users\Dyfan\Documents\This Is The Zodiak Speaking.txt
2021-05-02 10:20 - 2021-05-02 10:27 - 000000000 ____D C:\Users\Dyfan\AppData\Local\EZ CD Audio Converter
2021-05-02 10:20 - 2021-05-02 10:21 - 000000000 ____D C:\Program Files\EZ CD Audio Converter
2021-05-02 10:20 - 2021-05-02 10:20 - 000000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ CD Audio Converter.lnk
2021-05-02 10:20 - 2021-05-02 10:20 - 000000000 ____D C:\ProgramData\EZ CD Audio Converter
2021-05-01 14:06 - 2021-05-12 13:53 - 000000000 ____D C:\Users\Dyfan\Documents\ConvertXtoDVD_Resources
2021-05-01 14:04 - 2021-05-12 23:35 - 000000000 ____D C:\ProgramData\VSO
2021-05-01 14:04 - 2021-05-12 13:58 - 000000000 ____D C:\Users\Dyfan\Documents\ConvertXToDVD
2021-05-01 14:04 - 2021-05-01 14:06 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\VSO
2021-05-01 14:04 - 2021-05-01 14:04 - 000099384 _____ C:\Users\Dyfan\AppData\Roaming\inst.exe
2021-05-01 14:04 - 2021-05-01 14:04 - 000082816 _____ (VSO Software) C:\Users\Dyfan\AppData\Roaming\pcouffin.sys
2021-05-01 14:04 - 2021-05-01 14:04 - 000007859 _____ C:\Users\Dyfan\AppData\Roaming\pcouffin.cat
2021-05-01 14:04 - 2021-05-01 14:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2021-05-01 14:04 - 2021-05-01 14:04 - 000000000 ____D C:\Program Files (x86)\VSO
2021-04-30 09:35 - 2021-04-30 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2021-04-29 11:35 - 2021-05-13 14:30 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\TeraCopy
2021-04-29 11:35 - 2021-04-29 11:35 - 000000919 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy.lnk
2021-04-29 11:35 - 2021-04-29 11:35 - 000000000 ____D C:\ProgramData\Code Sector
2021-04-29 11:35 - 2021-04-29 11:35 - 000000000 ____D C:\ProgramData\Caphyon
2021-04-29 11:35 - 2021-04-29 11:35 - 000000000 ____D C:\Program Files\TeraCopy
2021-04-28 21:42 - 2021-05-06 22:41 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\dvdcss
2021-04-26 08:53 - 2021-04-26 08:57 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\XMedia Recode
2021-04-26 08:44 - 2021-04-26 08:44 - 000000000 ____D C:\Users\Dyfan\AppData\Local\RadeonInstaller
2021-04-26 08:44 - 2021-04-26 08:44 - 000000000 ____D C:\ProgramData\AMD
2021-04-26 08:44 - 2021-04-26 08:44 - 000000000 ____D C:\AMD
2021-04-25 17:32 - 2021-04-25 17:32 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Hard Disk Sentinel
2021-04-25 17:31 - 2021-04-26 07:53 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2021-04-25 17:31 - 2021-04-25 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2021-04-25 12:09 - 2021-04-25 12:09 - 018869868 _____ C:\Users\Dyfan\Desktop\mkvtoolnix-64-bit-56.1.0.7z
2021-04-25 11:58 - 2021-04-25 11:58 - 000000000 ____D C:\Users\Dyfan\ultracopier
2021-04-24 16:21 - 2021-04-25 10:50 - 000000000 ____D C:\Program Files (x86)\KillSoft
2021-04-21 21:11 - 2021-04-21 21:11 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\TagScanner
2021-04-21 21:11 - 2021-04-21 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2021-04-21 21:11 - 2021-04-21 21:11 - 000000000 ____D C:\Program Files\TagScanner
2021-04-21 21:10 - 2021-04-21 21:10 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\TagScanner_old
2021-04-20 13:54 - 2021-04-20 13:54 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\MAAT
2021-04-20 13:54 - 2021-04-20 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAAT
2021-04-20 13:54 - 2021-04-20 13:54 - 000000000 ____D C:\Program Files\MAAT
2021-04-20 13:54 - 2021-04-20 13:54 - 000000000 ____D C:\Program Files\Common Files\MAAT
2021-04-18 14:40 - 2021-04-18 14:40 - 000000630 _____ C:\Users\Dyfan\Desktop\Temp - Shortcut.lnk
2021-04-17 22:06 - 2021-04-17 22:06 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\r128gain
2021-04-17 13:01 - 2021-04-17 13:01 - 000000000 ____D C:\ProgramData\ASUS OC Profiles
2021-04-14 13:41 - 2021-04-14 13:41 - 000000000 ____D C:\Users\Dyfan\AppData\Local\IsolatedStorage
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-13 14:29 - 2021-01-25 17:11 - 000000000 ____D C:\Users\Dyfan\AppData\Local\OpenShell
2021-05-13 14:22 - 2021-01-25 22:37 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\qBittorrent
2021-05-13 13:46 - 2021-01-25 20:26 - 000000000 ____D C:\ProgramData\FanXpert2
2021-05-13 12:46 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2021-05-13 12:40 - 2021-01-25 17:06 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1704149506-1908064861-659173645-1001
2021-05-13 11:39 - 2021-01-25 21:27 - 000000000 ____D C:\Program Files\CCleaner
2021-05-13 11:35 - 2021-01-25 16:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-05-13 11:35 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-13 11:20 - 2021-01-25 21:07 - 000003032 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-05-13 11:20 - 2021-01-25 21:07 - 000000000 ____D C:\Program Files\Common Files\AV
2021-05-13 11:20 - 2021-01-25 21:06 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-05-13 11:20 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2021-05-13 11:19 - 2013-08-22 16:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-13 11:19 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2021-05-13 11:12 - 2021-01-25 17:09 - 000003918 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{29C36ED8-C146-4CB0-97F8-C03FE50B218A}
2021-05-13 11:06 - 2021-01-26 11:14 - 000000000 ____D C:\Users\Dyfan\AppData\LocalLow\Mozilla
2021-05-13 11:06 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-05-13 10:10 - 2021-01-28 19:30 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\MPC-HC
2021-05-12 23:35 - 2021-01-26 00:36 - 000000000 ____D C:\Users\Dyfan\AppData\Local\Everything
2021-05-12 23:35 - 2021-01-25 21:16 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Everything
2021-05-12 22:45 - 2021-01-25 21:56 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\foobar2000
2021-05-12 22:23 - 2021-02-01 14:06 - 000000000 ____D C:\Users\Dyfan\Documents\ShareX
2021-05-12 19:43 - 2021-02-02 13:37 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\vlc
2021-05-12 14:45 - 2021-02-01 14:01 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\calibre
2021-05-12 14:44 - 2021-02-01 14:03 - 000000000 ____D C:\Users\Dyfan\AppData\Local\calibre-cache
2021-05-12 10:37 - 2013-08-22 15:44 - 000337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-12 10:36 - 2014-03-18 15:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-05-12 10:20 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 10:19 - 2021-01-25 18:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 10:15 - 2021-01-25 18:08 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 20:50 - 2021-03-29 21:13 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\HandBrake
2021-05-11 15:20 - 2021-01-26 15:16 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Mp3tag
2021-05-11 14:27 - 2021-01-25 23:15 - 000000697 _____ C:\Users\Dyfan\Desktop\rush reissues.txt
2021-05-10 21:20 - 2021-01-25 17:38 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-10 11:04 - 2021-01-26 14:15 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\audacity
2021-05-09 10:52 - 2021-01-26 13:03 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-09 10:51 - 2021-01-26 13:03 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-08 10:23 - 2021-01-26 00:49 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-07 22:54 - 2021-01-26 14:12 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-05-06 22:00 - 2021-03-31 19:48 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\FFBatch
2021-05-05 15:18 - 2021-01-25 22:45 - 000000000 ____D C:\ProgramData\TEMP
2021-05-05 15:18 - 2021-01-25 22:45 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2021-05-04 23:32 - 2021-02-06 00:33 - 000000000 ____D C:\Users\Dyfan\AppData\Local\CrashDumps
2021-05-03 18:17 - 2021-03-16 12:42 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\ImgBurn
2021-05-02 12:25 - 2021-02-06 22:51 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\XRECODE3
2021-05-02 11:41 - 2021-01-26 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2021-05-02 11:41 - 2021-01-26 13:06 - 000000000 ____D C:\Program Files (x86)\Calibre2
2021-04-30 09:35 - 2021-01-26 00:54 - 000000000 ____D C:\ProgramData\Garmin
2021-04-30 09:35 - 2021-01-26 00:49 - 000003554 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2021-04-30 09:35 - 2021-01-26 00:49 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-04-30 09:29 - 2021-01-25 21:27 - 000003870 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-28 22:50 - 2021-01-28 20:07 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\CUE Tools
2021-04-26 08:44 - 2021-01-28 16:27 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Mozilla
2021-04-26 08:44 - 2021-01-25 16:54 - 000000000 ____D C:\Program Files\AMD
2021-04-25 16:33 - 2021-01-25 17:01 - 000000000 ____D C:\Users\Dyfan
2021-04-24 15:04 - 2021-04-03 22:55 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\BatchEncoder
2021-04-24 12:55 - 2021-01-27 12:24 - 000034240 _____ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-24 12:55 - 2021-01-27 12:24 - 000034240 _____ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-24 12:55 - 2021-01-27 12:24 - 000030528 _____ C:\WINDOWS\system32\BMXCtrlState-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-24 12:55 - 2021-01-27 12:24 - 000030528 _____ C:\WINDOWS\system32\BMXBkpCtrlState-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-24 12:55 - 2021-01-27 12:24 - 000011564 _____ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-20 22:33 - 2021-01-26 14:12 - 000001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-04-20 21:13 - 2021-01-25 17:33 - 000003332 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 21:13 - 2021-01-25 17:33 - 000003204 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-17 23:46 - 2021-01-26 22:47 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\dBpoweramp
2021-04-17 13:13 - 2021-01-25 18:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-17 13:07 - 2021-01-25 18:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-04-17 13:07 - 2021-01-25 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-04-16 10:08 - 2021-03-31 18:18 - 000000000 ____D C:\Users\Dyfan\AppData\Local\clever_FFmpeg_GUI
2021-04-13 22:24 - 2014-03-18 16:26 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-13 10:41 - 2021-01-25 22:00 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-13 10:41 - 2021-01-25 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-13 10:40 - 2021-01-25 22:00 - 000000000 ____D C:\Program Files\WinRAR
==================== Files in the root of some directories ========
2021-05-01 14:04 - 2021-05-01 14:04 - 000099384 _____ () C:\Users\Dyfan\AppData\Roaming\inst.exe
2021-05-01 14:04 - 2021-05-01 14:04 - 000007859 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.cat
2021-05-01 14:04 - 2021-05-01 14:04 - 000001167 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.inf
2021-05-01 14:04 - 2021-05-01 14:04 - 000000055 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.log
2021-05-01 14:04 - 2021-05-01 14:04 - 000082816 _____ (VSO Software) C:\Users\Dyfan\AppData\Roaming\pcouffin.sys
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-05-08 11:22
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2021
Ran by Dyfan (13-05-2021 14:34:40)
Running from C:\Users\Dyfan\Desktop
Windows 8.1 (Update) (X64) (2021-01-25 16:01:49)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1704149506-1908064861-659173645-500 - Administrator - Disabled)
Dyfan (S-1-5-21-1704149506-1908064861-659173645-1001 - Administrator - Enabled) => C:\Users\Dyfan
Guest (S-1-5-21-1704149506-1908064861-659173645-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1704149506-1908064861-659173645-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Security Cloud (Enabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader (HKLM\...\{19BDF435-8F4A-4AFC-80AE-AF007BD67A8E}) (Version: 4.15.1.4190 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{86b588ff-78bb-4251-85d5-56f2450b123a}) (Version: 4.14.2.4070 - Open Media LLC)
ANT Drivers Installer x64 (HKLM\...\{1BC0225E-AF99-4434-92CC-615111CE698F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Ant Video downloader (Native messaging host) (HKLM-x32\...\{41A57734-2ED5-449A-BAF0-F0B356417716}) (Version: 4.7 - Ant.com)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
AudioMuxer 0.9.6.4 (HKLM-x32\...\{E62BDA87-5FD3-4A47-9CF1-F3B04C542713}_is1) (Version: 0.9.6.4 - Pl4yit)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
calibre (HKLM-x32\...\{46FD03C7-BCA4-4075-A384-AE21E2155424}) (Version: 5.17.0 - Kovid Goyal)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
CrystalDiskInfo 8.12.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.0 - Crystal Dew World)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 17.3 - Illustrate)
Direct Folders (HKLM-x32\...\DirectFoldersAppID_is1) (Version: 3.8 - Code Sector)
Elevated Installer (HKLM-x32\...\{C3D3E0B3-6B8D-4AF4-B49A-3583E512ECE8}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Everything 1.4.1.1005 (x64) (HKLM\...\Everything) (Version: 1.4.1.1005 - voidtools)
Exact Audio Copy 1.6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.6 - Andre Wiethoff)
EZ CD Audio Converter (HKLM-x32\...\EZ CD Audio Converter) (Version: 9.1.6 - Poikosoft)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FFmpeg Batch AV Converter (HKLM\...\FFBATCH_cv_is1) (Version: 2.3.7 - Eibolsoft)
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
foobar2000 v1.6.5 (HKLM-x32\...\foobar2000) (Version: 1.6.5 - Peter Pawlowski)
Garmin Express (HKLM-x32\...\{034F279C-D74E-42F2-8CEC-216E91969B29}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{afe06296-a3d5-48cf-88a2-77629aeb124b}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries)
get_iplayer 3.27.1 (x64) (HKLM\...\get_iplayer_is1) (Version: 3.27.1 - The get_iplayer Contributors)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.61 - Janos Mathe)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Jackett (HKLM-x32\...\{C2A9FC00-AA48-4F17-9A72-62FBCEE2785B}_is1) (Version: 0.17.1032.0 - Jackett)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.9 - Oracle Corporation)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)
K-Lite Codec Pack 16.1.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.1.6 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
MAAT DROffline MkII (HKLM\...\DROffline MkII_is1) (Version: 2.1.3 - MAAT)
MakeMKV v1.16.3 (HKLM-x32\...\MakeMKV) (Version: v1.16.3 - GuinpinSoft inc)
Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Mp3tag v3.06a (HKLM-x32\...\Mp3tag) (Version: 3.06a - Florian Heidenreich)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
Open-Shell (HKLM\...\{F4B6EE58-F183-4B0D-930B-4480673C0F5B}) (Version: 4.4.160 - The Open-Shell Team)
PerfectDisk Professional Business (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.893 - Raxco Software Inc.)
Python 3.9.5 (64-bit) (HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\{f3d4ed4c-f434-41ef-8469-ffadd80c4ccf}) (Version: 3.9.5150.0 - Python Software Foundation)
Python 3.9.5 Core Interpreter (64-bit) (HKLM\...\{FBB6299D-CB58-4177-B6A0-63BFB1C8C3AE}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Development Libraries (64-bit) (HKLM\...\{AEE58901-97A1-422A-B964-4FD9BF3327B8}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Documentation (64-bit) (HKLM\...\{4EFE695B-F377-4CB0-90E3-6AEEE22DEFEB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Executables (64-bit) (HKLM\...\{843C07B6-040E-4E83-B244-5383247D70AB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 pip Bootstrap (64-bit) (HKLM\...\{7559EB6B-36F9-4AE8-8970-532E4DC0ECA3}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Standard Library (64-bit) (HKLM\...\{F4DC18F4-6323-4BE8-A322-38268831BC24}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Tcl/Tk Support (64-bit) (HKLM\...\{351016A7-AED4-4824-8D2E-2F9ED497CF77}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Test Suite (64-bit) (HKLM\...\{605117B9-EE12-4498-A089-A63219191799}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Utility Scripts (64-bit) (HKLM\...\{420E50F6-A8E8-4098-A321-7DF6B3C3BA82}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B6EF11B6-0882-43B1-AA75-4D3BD32A144A}) (Version: 3.9.7427.0 - Python Software Foundation)
qBittorrent 4.3.5 (HKLM-x32\...\qBittorrent) (Version: 4.3.5 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.3.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.3 - VS Revo Group, Ltd.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.4.0 - ShareX Team)
Spek (HKLM-x32\...\{7CDF6754-F5A0-4F34-B589-197530FEF862}) (Version: 0.8.2 - Spek Project)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
TagScanner 6.1.8 (64-bit) (HKLM\...\TagScanner_is1) (Version: - Sergey Serkov)
TeraCopy (HKLM\...\{952ED35A-74C3-4204-8F01-986D8711B41D}) (Version: 3.8.5 - Code Sector)
Trader's Little Helper 2.8.4 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.8.4 - Robert Hoffmann)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.69 - VSO Software)
Weiss Engineering Saracon (HKLM-x32\...\Saracon) (Version: 01.61-27 - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.5 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Packages:
=========
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2021-01-25] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers1: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll [2020-09-08] (Poikosoft -> Poikosoft)
ContextMenuHandlers1: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-04-21] (Code Sector -> Code Sector)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-04-21] (Code Sector -> Code Sector)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll [2020-09-08] (Poikosoft -> Poikosoft)
ContextMenuHandlers4: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-04-21] (Code Sector -> Code Sector)
ContextMenuHandlers5: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers6: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2020-09-26] (Open-Shell) [File not signed]
ContextMenuHandlers6: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-04-21] (Code Sector -> Code Sector)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-05-07 18:11 - 2021-05-12 11:39 - 000205824 _____ () [File not signed] [File is in use] C:\ProgramData\Jackett\YamlDotNet.dll
2021-01-25 18:46 - 2010-08-23 11:17 - 000662016 _____ () [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2021-01-25 18:47 - 2011-07-12 19:14 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2021-01-25 18:48 - 2012-10-08 17:07 - 000972288 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2021-01-25 18:47 - 2010-10-05 08:22 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2021-01-25 18:47 - 2010-10-05 08:22 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2021-01-25 18:47 - 2012-05-28 21:27 - 001622528 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2021-01-25 18:47 - 2009-08-12 20:15 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2021-01-25 18:48 - 2012-05-25 10:33 - 000883712 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2021-01-25 18:48 - 2011-09-19 20:18 - 001243136 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2021-01-25 18:47 - 2011-07-21 09:06 - 000846848 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2021-01-25 18:47 - 2012-08-29 18:09 - 000875520 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2021-01-25 18:39 - 2010-06-29 11:58 - 000104448 ____N () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2021-01-25 18:39 - 2021-05-13 11:35 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2021-05-12 15:17 - 2012-07-29 10:23 - 000073728 _____ () [File not signed] C:\Program Files (x86)\Direct Folders\dfh32.dll
2021-05-12 15:17 - 2012-07-29 10:22 - 000072192 _____ () [File not signed] C:\Program Files (x86)\Direct Folders\dfh64.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000829440 _____ (AngleSharp) [File not signed] [File is in use] C:\ProgramData\Jackett\AngleSharp.dll
2021-01-25 18:46 - 2010-08-09 22:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\ASACPI.DLL
2021-01-25 18:47 - 2010-08-09 21:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsAcpi.dll
2021-01-25 18:48 - 2010-11-30 14:13 - 000108544 ____N (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\FanXpert2\asacpi.dll
2021-01-25 18:48 - 2021-01-25 18:46 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsAcpi.dll
2021-01-25 18:46 - 2010-08-12 08:52 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\asacpiEx.dll
2021-01-25 18:47 - 2010-08-12 07:52 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\asacpiEx.dll
2021-01-25 18:47 - 2010-10-05 08:22 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsMultiLang.dll
2021-01-25 18:48 - 2010-09-08 21:25 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\AsMultiLang.dll
2021-01-25 18:48 - 2012-06-15 00:03 - 001016320 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\CpuFrequency.dll
2021-01-25 18:48 - 2012-03-21 19:41 - 000677376 ____N (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\FanXpert2\asacpiEx.dll
2021-01-25 18:48 - 2010-06-03 20:04 - 000221184 ____N (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\FanXpert2\AsMultiLang.dll
2021-01-25 18:48 - 2012-05-23 15:28 - 001545728 ____N (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\FanXpert2\FanXpert2.dll
2021-01-25 18:48 - 2010-03-08 17:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AsMultiLang.dll
2021-01-25 18:47 - 2010-03-08 17:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\AsMultiLang.dll
2021-01-25 18:47 - 2010-03-08 17:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\AsMultiLang.dll
2021-01-25 18:48 - 2021-01-25 18:46 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\asacpiEx.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000251904 _____ (Autofac) [File not signed] [File is in use] C:\ProgramData\Jackett\Autofac.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000015872 _____ (Autofac) [File not signed] [File is in use] C:\ProgramData\Jackett\Autofac.Extensions.DependencyInjection.dll
2021-01-26 12:08 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2021-05-07 18:11 - 2021-05-12 11:39 - 000018432 _____ (Diego Heras (ngosang)) [File not signed] [File is in use] C:\ProgramData\Jackett\FlareSolverrSharp.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000217088 _____ (gsscoder;nemec;ericnewton76;moh-hassan) [File not signed] [File is in use] C:\ProgramData\Jackett\CommandLine.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 001252352 _____ (Jackett.Common) [File not signed] [File is in use] C:\ProgramData\Jackett\Jackett.Common.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000393216 _____ (JackettConsole) [File not signed] [File is in use] C:\ProgramData\Jackett\JackettConsole.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000312832 _____ (JackettService) [File not signed] [File is in use] C:\ProgramData\Jackett\JackettService.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000297472 _____ (Jimmy Bogard) [File not signed] [File is in use] C:\ProgramData\Jackett\AutoMapper.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000010752 _____ (Landon Key) [File not signed] [File is in use] C:\ProgramData\Jackett\SocksWebProxy.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000817152 _____ (NLog) [File not signed] [File is in use] C:\ProgramData\Jackett\NLog.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000046080 _____ (NLog) [File not signed] [File is in use] C:\ProgramData\Jackett\NLog.Extensions.Logging.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000046592 _____ (NLog) [File not signed] [File is in use] C:\ProgramData\Jackett\NLog.Web.AspNetCore.dll
2020-09-26 14:47 - 2020-09-26 14:47 - 000975872 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\ClassicExplorer64.dll
2020-09-26 14:47 - 2020-09-26 14:47 - 002659328 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2020-09-26 14:48 - 2020-09-26 14:48 - 000562688 _____ (Open-Shell) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2021-05-07 18:11 - 2021-05-12 11:39 - 000028672 _____ (Org.Mentalis) [File not signed] [File is in use] C:\ProgramData\Jackett\Org.Mentalis.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
AlternateDataStreams: C:\ProgramData\TEMP:D735933A [138]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80753807.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80753807.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-03-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-03-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2020-09-26] (Open-Shell) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2020-09-26] (Open-Shell) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2020-09-26] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2020-09-26] (Open-Shell) [File not signed]
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 6091 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\FFmpeg\bin;C:\FFmpeg\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Calibre2\;C:\Program Files\get_iplayer
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: kpm_launch_service => 3
HKLM\...\StartupApproved\Run: => "Open-Shell Start Menu"
HKLM\...\StartupApproved\Run: => "AsioReg"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run32: => "CTHelper"
HKLM\...\StartupApproved\Run32: => "CTxfiHlp"
HKLM\...\StartupApproved\Run32: => "AsioThk32Reg"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "PrivateFolder"
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\StartupApproved\Run: => "ultracopier"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A003020E-8BAC-4330-82F1-F03E00203013}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{CF7468BC-9F59-4C8E-86BA-3D871F5DD53D}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{8316E5D8-B835-4D16-9E38-C7AF2CED5C45}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{91320F9D-2E42-4A2E-8579-6F1E7C408A23}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{84304862-91A3-42CD-B4D7-340314FBE947}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CFD4F7E8-995E-40BF-8E70-31F2DF31DC26}C:\program files\java\jre1.8.0_291\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_291\bin\javaw.exe
FirewallRules: [UDP Query User{E494B49E-5D0E-4FA9-8903-6AB0907EEBB2}C:\program files\java\jre1.8.0_291\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_291\bin\javaw.exe
FirewallRules: [{AB327029-4A72-40CA-A83A-0C4DA4701735}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{BAB32843-1F0B-4697-92F7-69794BA2F8C3}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{39C3E5B7-4183-44C6-B740-E6E044917A87}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{A715F1E7-C432-4286-9AD1-C7AE39E22061}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{3B02CCCE-05E3-497A-8E02-9AB5AAB2E0CE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
09-05-2021 13:42:31 Removed Kaspersky Password Manager
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (05/13/2021 11:34:56 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2121-04-19T10:34:56Z. Error Code: 0x80070005.
Error: (05/13/2021 11:34:26 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2121-04-19T10:34:26Z. Error Code: 0x80070005.
Error: (05/13/2021 11:33:56 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2121-04-19T10:33:56Z. Error Code: 0x80070005.
Error: (05/13/2021 11:33:26 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2121-04-19T10:33:26Z. Error Code: 0x80070005.
Error: (05/13/2021 11:07:11 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/13/2021 11:03:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.987, time stamp: 0x60894603
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process ID: 0x21e0
Faulting application start time: 0x01d747ded30be48e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report ID: 844413d8-b3d2-11eb-82e7-50465db36e87
Faulting package full name:
Faulting package-relative application ID:
Error: (05/12/2021 09:55:44 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/11/2021 09:31:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
System errors:
=============
Error: (05/13/2021 12:41:37 PM) (Source: DCOM) (EventID: 10010) (User: Sinbad)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (05/13/2021 12:41:07 PM) (Source: DCOM) (EventID: 10010) (User: Sinbad)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (05/13/2021 11:35:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
Error: (05/13/2021 11:35:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
Error: (05/13/2021 11:35:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
Error: (05/13/2021 11:35:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
Error: (05/13/2021 11:34:20 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
Error: (05/13/2021 11:34:20 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
Windows Defender:
================
Date: 2021-05-13 11:20:42.419
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-25 19:34:26.035
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
Date: 2021-01-25 19:23:38.065
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-01-25 19:23:38.065
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-01-25 18:42:21.528
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible.
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
Date: 2021-01-25 16:58:01.819
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.17700.4
Previous Engine Version: 1.1.9700.0
Error Code: 0x8050800c
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 5104 09/14/2012
Motherboard: ASUSTeK COMPUTER INC. F2A85-V PRO
Processor: AMD A6-6400K APU with Radeon HD Graphics
Percentage of memory in use: 40%
Total physical RAM: 7624.94 MB
Available physical RAM: 4533.46 MB
Total Virtual: 8840.94 MB
Available Virtual: 5199.26 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:118.9 GB) (Free:90.89 GB) NTFS
Drive d: (Black) (Fixed) (Total:931.51 GB) (Free:294.3 GB) NTFS
Drive e: (Maxtor) (Fixed) (Total:152.66 GB) (Free:41.92 GB) NTFS
Drive h: (Toshiba) (Fixed) (Total:2794.39 GB) (Free:739.22 GB) NTFS
Drive i: (K1) (Removable) (Total:59.05 GB) (Free:32.76 GB) FAT32
Drive m: (New Volume) (Fixed) (Total:2794.39 GB) (Free:304 GB) NTFS
\\?\Volume{70be6976-5f25-11eb-824e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 2C402D9B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.9 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C9699AB9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 152.7 GB) (Disk ID: 7B25CC4E)
Partition 1: (Active) - (Size=152.7 GB) - (Type=07 NTFS)
==========================================================
Disk: 4 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 5 (Protective MBR) (Size: 59.1 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Edited by RKinner, 13 May 2021 - 02:34 PM.